Re: mod_perl and cgi-script handler

Sun, 11 Jun 2017 02:57:47 -0700 

Addendum :

This is independent of the other previous explanations.
If your cgi-bin scripts happen to be written in perl, then you would get a rather important *response* performance improvement by using 

<Directory /var/www/my-server-name/cgi-bin>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
..
</Directory>
That is because then, the first time your script is called, mod_perl would compile it, and save the (pre-)compiled code in memory. And the next time your script is called, the Apache-embedded perl interpreter would just run the pre-compiled code.
One drawback is memory : each of the Apache "children" will now store a pre-compiled copy of every perl cgi-bin script that has been run since this child was started. But if your scripts are run many times, the performance improvement is really dramatic. 


On 11.06.2017 11:36, André Warnier (tomcat) wrote:

Hi.

Now that you mention this, I believe that the original "mistake" in your 
configuration
was the

<Directory /var/www/my-server-name/cgi-bin>
..
    SetHandler modperl
..
</Directory>

and by just taking that line out, you would have the same effect (without the 
<FilesMatch>).
SetHandler is the line which originally overrides the effect of "ScriptAlias".

You do not need "SetHandler modperl" in order to do the authentication via your 
module.
The "PerlAuthenHandler" is all that is needed.

SetHandler applies to the Apache response-generation phase, which comes later 
than the AAA
phase.

To explain this in another way :

What you are now doing below is :

1) ScriptAlias /cgi-bin/ "/var/www/my-server-name/cgi-bin/"

That does the same as :
Alias /cgi-bin/ "/var/www/my-server-name/cgi-bin/"
plus
<Directory /var/www/my-server-name/cgi-bin/>
   SetHandler cgi-script
<Directory>

It sets the Apache response-generating module to be mod_cgi, instead of the 
default (which
serves static pages).
See :
http://httpd.apache.org/docs/2.4/mod/mod_alias.html#scriptalias
http://httpd.apache.org/docs/2.4/mod/mod_cgi.html

2) SetHandler modperl

This overrides the "cgi-script" response handler which you set above, to set 
mod_perl
instead.  mod_perl would now expect an additional directive
PerlResponseHandler (some perl sub/method).
See : http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_

3) <FilesMatch>
   SetHandler cgi-script

By doing this, you are resetting the response handler again, from mod_perl back 
to
cgi-script (mod_cgi).


So instead, if you just omit
   SetHandler modperl

it would be simpler, and just as effective.

And if you want even more info about what is happening, see the following :
https://perl.apache.org/docs/2.0/user/handlers/http.html
(Note : the AAA part there is outdated for Apache 2.4)

On 11.06.2017 01:47, Jie Gao wrote:

It seemed "SetHandler" in the mod_perl section overwrote the settings for 
cgi-script.
Adding the following to the directory stanza fixed the problem:

     <FilesMatch .*>
         SetHandler cgi-script
     </FilesMatch>

..

Regards,


Jie



* Jie Gao <j....@sydney.edu.au> wrote:


Date: Fri, 9 Jun 2017 20:35:43 +1000
From: Jie Gao <j....@sydney.edu.au>
To: modperl@perl.apache.org
Subject: mod_perl and cgi-script handler
User-Agent: Mutt/1.5.24 (2015-08-30)

Hi All

I have run into a problem with CGI under mod_perl, and I can't get my head 
around it.

I wanted to put a "cgi-bin" directory under my authentication/authorisation 
handlers,
but while authen/authz works fine (debug showing access granted), the directory 
is in
the end not handled by "cgi-script", the default cgid content handler, and the 
text of
the cgi script gets displayed instead.

My configuration is like the following:

#------------------------------------------------------------

PerlAddAuthzProvider my_User W::W::Authnz->authz

<VirtualHost _default_:443>
...
ScriptAlias /cgi-bin/ "/var/www/my-server-name/cgi-bin/"

<Directory /var/www/my-server-name/cgi-bin>
     AllowOverride None

#    PerlOptions +SetupEnv
#    Options +ExecCGI
#    SetHandler modperl
#    PerlAuthenHandler W::W::Authnz->authen
#    AuthType mytype
#    AuthName 'myname'
#    <RequireAll>
#    Require my_User mylogin
#    Require ip 10.65.
#    </RequireAll>
</Directory>

</VirtualHost>

#------------------------------------------------------------

If I comment out, as above, all the mod_perl configurations, and then add 
"Require all
granted" to the directory stanza, the cgi scripts will run normally.

Any tips/pointers as to where else I should look would be much appreciated.

Regards,



Jie

Reply via email to